December 2017 Security Bulletin

December 14, 2017 | Security Bulletin

Version 1.1

Published: 12/13/2017
Updated: 2/9/2018

This document describes security vulnerabilities that were addressed through software changes. Source code patches for these issues have been released to the Code Aurora Forum (CAF) and linked from this bulletin. These changes are applicable to, but not limited to, Android for MSM (all Android releases from CAF using the Linux kernel), Firefox OS for MSM & QRD Android projects. Customers were previously notified of the issues described in this bulletin. Each of the vulnerabilities has an associated security rating. A description of these ratings using v 1.2 of the ratings scheme can be found at the following link.

Please reach out to security-advisory@quicinc.com for any questions related to this bulletin.

Announcements

None.

Acknowledgements

We would like to thank these researchers for their contributions in reporting these issues to us.

CVE-2017-11032 haochen (flank3rsky)
CVE-2017-8246 Seven Shen from Trend Micro Mobile Threat Research Team
CVE-2017-11028 Hao Chen
CVE-2017-11038, CVE-2017-11042, CVE-2017-11054, CVE-2017-11058, CVE-2017-11085, CVE-2017-11092, CVE-2017-14905, CVE-2017-8244, CVE-2017-9690, CVE-2017-9696, CVE-2017-9702, CVE-2017-9703, CVE-2017-9708, CVE-2017-9718 Reported to us through Google Android Security team; please see bulletins at https://source.android.com/security/bulletin/ for individual credit information.
CVE-2017-11023, CVE-2017-11025, CVE-2017-11044, CVE-2017-8279 Yonggang Guo (@guoygang) of IceSword Lab, Qihoo 360 Technology Co. Ltd.
CVE-2017-9698 Seven Shen
CVE-2017-11024, CVE-2017-11035, CVE-2017-9710 Jianqiang Zhao (@jianqiangzhao) and pjf (weibo.com/jfpan) of IceSword Lab, Qihoo 360
CVE-2017-11029 Pengfei Ding <604559863@qq.com>
CVE-2017-11033, CVE-2017-9722 Gengjia Chen (@chengjia4574) and pjf of IceSword Lab, Qihoo 360 Technology Co. Ltd
CVE-2017-11007, CVE-2017-11017, CVE-2017-11027, CVE-2017-9701, CVE-2017-9713 derrek (https://twitter.com/derrekr6)
CVE-2017-11030 Gengjia Chen (@chengjia4574) and pjf (http://weibo.com/jfpan) of IceSword Lab, Qihoo 360 Technology Co. Ltd
CVE-2017-9721 Derrek Haxx <derrek.haxx@yahoo.com>
CVE-2017-9700 Yuan-Tsung Lo (computernik@gmail.com), and Xuxian Jiang of C0RE Team (http://c0reteam.org)
CVE-2017-11035 Jianqiang Zhao (jianqiangzhao)
CVE-2017-11013, CVE-2017-11014, CVE-2017-11015 Scott Bauer
CVE-2017-11031 Peter Pi of Tencent Security Platform Department
CVE-2017-11045 Yang Dai (huahuaisadog@gmail.com) and Yu Pan (panyu6325@gmail.com) of vulpecker Team, Qihoo 360 Technology Co. Ltd
CVE-2017-11073 wolfu (付敬贵) of Tencent Security Platform Department
CVE-2017-11043 Hao Chen (@flankersky) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd.

Table of vulnerabilities

Public ID Security Rating Technology Area Date Reported
CVE-2017-0619 High Kernel Internal
CVE-2017-0604 High Power Internal
CVE-2017-0621 High Camera Internal
CVE-2017-8254 High Audio Internal
CVE-2017-0632 High Audio Internal
CVE-2017-8234 High Camera Internal
CVE-2017-8240 High Kernel Internal
CVE-2017-9724 High Kernel Internal
CVE-2017-9725 High Kernel Internal
CVE-2016-10233 High Camera Internal
CVE-2017-11018 High Camera Internal
CVE-2017-10996 High Kernel Internal
CVE-2017-8255 High Boot Internal
CVE-2017-11026 Medium Boot 5/26/2016
CVE-2016-10232 High Display Internal
CVE-2017-7366 High Graphics_Linux Internal
CVE-2016-10235 High WLAN HOST Internal
CVE-2017-11032 Medium Kernel 8/8/2016
CVE-2017-0612 High Trusted Execution Environment Internal
CVE-2016-10234 High Data HLOS – LNX Internal
CVE-2017-0614 High Trusted Execution Environment Internal
CVE-2017-0620 High Kernel Internal
CVE-2017-8235 High Camera Internal
CVE-2017-0611 High Audio Internal
CVE-2017-0607 High Audio Internal
CVE-2017-0613 High Trusted Execution Environment Internal
CVE-2017-11022 High WLAN HOST 11/7/2016
CVE-2017-8253 High Camera Internal
CVE-2017-8238 High Camera Internal
CVE-2017-0626 Critical Trusted Execution Environment Internal
CVE-2016-10286 High Display Internal
CVE-2017-7373 High Display Internal
CVE-2017-0609 High Audio Internal
CVE-2017-8239 High Camera Internal
CVE-2017-0631 High Camera Internal
CVE-2017-0610 High Audio Internal
CVE-2017-7371 High BTHOST Internal
CVE-2017-8256 High WLAN HOST Internal
CVE-2017-10998 High Audio Internal
CVE-2017-9716 High Biometrics Internal
CVE-2017-8246 Medium Audio Internal
CVE-2017-11028 Medium Camera 2/17/2017
CVE-2017-14895 High WLAN HOST Internal
CVE-2017-8278 High Audio Internal
CVE-2017-8244 Medium Video 3/1/2017
CVE-2017-11025 Medium Audio 3/1/2017
CVE-2017-8279 Medium Services 3/6/2017
CVE-2017-9698 Medium Graphics_Linux 3/23/2017
CVE-2017-9710 Medium Data HLOS – LNX 3/23/2017
CVE-2017-11029 Medium Camera 3/28/2017
CVE-2017-11023 Medium Services 4/5/2017
CVE-2017-9696 Medium Camera 4/6/2017
CVE-2017-11019 Medium Display Internal
CVE-2017-11024 Medium WiredConnectivity 4/10/2017
CVE-2017-11033 Medium Kernel 4/11/2017
CVE-2017-9713 Medium WLAN HOST 4/13/2017
CVE-2017-11038 Medium Boot 4/14/2017
CVE-2017-9722 Medium Display 4/17/2017
CVE-2017-11030 Medium Display 4/17/2017
CVE-2017-9702 Medium Camera 4/24/2017
CVE-2017-9703 Medium Camera 4/25/2017
CVE-2017-11016 High Audio Internal
CVE-2017-9701 Medium Boot 4/26/2017
CVE-2017-9721 Medium Display 4/27/2017
CVE-2017-9719 High Display 5/4/2017
CVE-2017-9700 Medium Audio 5/8/2017
CVE-2017-9690 Medium Biometrics 5/10/2017
CVE-2017-9718 Medium Video 5/11/2017
CVE-2017-14897 High Trusted Execution Environment Internal
CVE-2017-14898 High WLAN HOST Internal
CVE-2017-14899 High WLAN HOST Internal
CVE-2017-11017 High Boot 6/2/2017
CVE-2017-11027 Medium Boot 6/2/2017
CVE-2017-11035 Medium WLAN HOST 6/2/2017
CVE-2017-11013 Critical WLAN HOST 6/8/2017
CVE-2017-14900 High WLAN HOST Internal
CVE-2017-11031 Medium Display 6/9/2017
CVE-2017-14901 High WLAN HOST Internal
CVE-2017-11014 Critical WLAN HOST 6/13/2017
CVE-2017-11045 Medium Camera 6/13/2017
CVE-2017-11015 Critical WLAN HOST 6/14/2017
CVE-2017-14905 Medium WLAN HOST 6/14/2017
CVE-2017-11054 Medium WLAN HOST 6/14/2017
CVE-2017-11058 Medium WLAN HOST 6/14/2017
CVE-2017-14902 High Qualcomm IPC Internal
CVE-2017-11044 Medium Graphics_Linux 6/19/2017
CVE-2017-11073 Medium WLAN HOST 6/21/2017
CVE-2017-11043 High WLAN HOST 6/27/2017
CVE-2017-11007 High Boot 6/28/2017
CVE-2017-11042 Medium Telephony 7/3/2017
CVE-2017-11035 Medium WLAN HOST 7/3/2017
CVE-2017-11092 High Graphics_Linux 7/17/2017
CVE-2017-11085 Medium Audio 7/17/2017
CVE-2017-9708 Medium Multimedia 7/25/2017

CVE-2017-0619

CVE ID CVE-2017-0619
Title Incorrect Calculation of Buffer Size in Kernel
Description The pinctrl driver allocates a buffer for function name field which does not take into account the string terminating character.
Technology Area Kernel
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input (‘Classic Buffer Overflow’)
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 2/14/2017
Patch

CVE-2017-0604

CVE ID CVE-2017-0604
Title Incorrect Calculation of Buffer Size in Power
Description Insufficient memory allocation for BCL attribute which could result in out of bounds access.
Technology Area Power
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input (‘Classic Buffer Overflow’)
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 2/14/2017
Patch

CVE-2017-0621

CVE ID CVE-2017-0621
Title Untrusted pointer dereference in Flash probe
Description Camera Flash will fail due to improper pointer dereference in probe when the driver type is PMIC.
Technology Area Camera
Vulnerability Type CWE-822 Untrusted Pointer Dereference
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 2/14/2017
Patch

CVE-2017-8254

CVE ID CVE-2017-8254
Title Use After Free in Audio
Description An audio client pointer is dereferenced before being checked if it is valid.
Technology Area Audio
Vulnerability Type CWE-416 Use After Free
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 3/14/2017
Patch

CVE-2017-0632

CVE ID CVE-2017-0632
Title Buffer Over-read in Audio
Description In msm8x16_wcd_codec_enable_micbias, in strnstr function, the 3rd argument is hardcoded, leading to out of bounds access.
Technology Area Audio
Vulnerability Type CWE-126 Buffer Over-read
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 2/14/2017
Patch

CVE-2017-8234

CVE ID CVE-2017-8234
Title Buffer Over-read Vulnerability in Camera
Description An out of bounds access can potentially occur in a camera function.
Technology Area Camera
Vulnerability Type CWE-126 Buffer Over-read
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 3/14/2017
Patch

CVE-2017-8240

CVE ID CVE-2017-8240
Title Buffer Over-read Vulnerability in Kernel
Description A kernel driver has an off-by-one buffer over-read vulnerability.
Technology Area Kernel
Vulnerability Type CWE-126 Buffer Over-read
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 3/14/2017
Patch

CVE-2017-9724

CVE ID CVE-2017-9724
Title Untrusted Pointer Dereference in Kernel
Description User-level permissions can be used to gain access to kernel memory, specifically the ION cache maintenance code is writing to a user supplied address.
Technology Area Kernel
Vulnerability Type CWE-822 Untrusted Pointer Dereference
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 5/9/2017
Patch

CVE-2017-9725

CVE ID CVE-2017-9725
Title Improper Input Validation in Kernel
Description During DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed when it should fail.
Technology Area Kernel
Vulnerability Type CWE-20 Improper Input Validation
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 5/9/2017
Patch

CVE-2016-10233

CVE ID CVE-2016-10233
Title Improper Input Validation in Camera
Description Improper input validation can lead to integer overflow in the camera driver.
Technology Area Camera
Vulnerability Type CWE-20 Improper Input Validation
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 1/10/2017
Patch

CVE-2017-11018

CVE ID CVE-2017-11018
Title Buffer Copy without Checking Size of Input in Camera
Description Array access out of bounds may occur in the camera driver in the kernel.
Technology Area Camera
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input (‘Classic Buffer Overflow’)
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 8/7/2017
Patch

CVE-2017-10996

CVE ID CVE-2017-10996
Title String Errors in Kernel
Description A non NULL-terminated string can lead to memory violation/out of bounds access.
Technology Area Kernel
Vulnerability Type CWE-133 String Errors
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 5/9/2017
Patch

CVE-2017-8255

CVE ID CVE-2017-8255
Title Integer Overflow or Wraparound in UEFI
Description An integer overflow vulnerability exists in boot.
Technology Area Boot
Vulnerability Type CWE-190 Integer Overflow or Wraparound
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 3/14/2017
Patch

CVE-2017-11026

CVE ID CVE-2017-11026
Title Improper Authorization in Boot
Description While flashing FRP partition using reference FRP unlock, authentication method can be compromised for static keys.
Technology Area Boot
Vulnerability Type CWE-285 Improper Authorization
Access Vector Local
Security Rating Medium
Date Reported 5/26/2016
Customer Notified Date 8/7/2017
Patch

CVE-2016-10232

CVE ID CVE-2016-10232
Title Format String Vulnerability in Display
Description Format specifiers in sscanf calls were not specified correctly in MDSS.
Technology Area Display
Vulnerability Type CWE-134 Format String Vulnerability
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 1/10/2017
Patch

CVE-2017-7366

CVE ID CVE-2017-7366
Title Improper Input Validation in Graphics
Description A KGSL ioctl was not validating all of its parameters.
Technology Area Graphics_Linux
Vulnerability Type CWE-20 Improper Input Validation
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 3/14/2017
Patch

CVE-2016-10235

CVE ID CVE-2016-10235
Title Improper Input Validation in WLAN
Description A VHT80 mode IBSS may stop beaconing when a HT40 peer joins its BSS.
Technology Area WLAN HOST
Vulnerability Type CWE-20 Improper Input Validation
Access Vector AdjacentNetwork
Security Rating High
Date Reported Internal
Customer Notified Date 1/10/2017
Patch

CVE-2017-11032

CVE ID CVE-2017-11032
Title Double Free in Kernel
Description A double free can occur when a memory allocation fails in the service-locator driver.
Technology Area Kernel
Vulnerability Type CWE-415 Double Free
Access Vector Local
Security Rating Medium
Date Reported 8/8/2016
Customer Notified Date 8/7/2017
Patch

CVE-2017-0612

CVE ID CVE-2017-0612
Title NULL Pointer Dereference in SafeSwitch
Description Providing large input/output buffer sizes while invoking SafeSwitch related IOCTLs can lead to a NULL pointer dereference.
Technology Area Trusted Execution Environment
Vulnerability Type CWE-476 NULL Pointer Dereference
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 1/10/2017
Patch

CVE-2016-10234

CVE ID CVE-2016-10234
Title Improper input validation in IPA IOCTL IPA_IOC_NAT_DMA
Description In the IPA IOCTL IPA_IOC_NAT_DMA ioctl handler, an array access out of bounds can occur.
Technology Area Data HLOS – LNX
Vulnerability Type CWE-20 Improper Input Validation
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 1/10/2017
Patch

CVE-2017-0614

CVE ID CVE-2017-0614
Title Possible buffer overflows when loading image
Description A TOCTOU race condition could lead to a buffer overrun.
Technology Area Trusted Execution Environment
Vulnerability Type CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 2/14/2017
Patch

CVE-2017-0620

CVE ID CVE-2017-0620
Title Integer overflow to buffer overflow in scm_call
Description Possible integer overflow followed by buffer overflow in scm_call as inputs are not validated properly.
Technology Area Kernel
Vulnerability Type CWE-680 Integer Overflow to Buffer Overflow
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 2/14/2017
Patch

CVE-2017-8235

CVE ID CVE-2017-8235
Title Use After Free Vulnerability in Camera
Description A memory structure in a camera driver is not properly protected.
Technology Area Camera
Vulnerability Type CWE-416 Use After Free
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 3/14/2017
Patch

CVE-2017-0611

CVE ID CVE-2017-0611
Title Possible integer overflow to buffer overflow in q6asm_memory_map_regions
Description If userspace passes a very large value of buffer_count to q6asm_memory_map_regions, the large value could overflow, resulting in too-small buffer allocation, and a later buffer overflow.
Technology Area Audio
Vulnerability Type CWE-190 Integer Overflow or Wraparound
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 2/14/2017
Patch

CVE-2017-0607

CVE ID CVE-2017-0607
Title Possible stack-out-of-bounds in ion_handle_get_size() function
Description A stack out-of-bounds access is possible during audio use cases when the variable pointed to by the pointer “pa_len” is accessed in function ion_handle_get_size().
Technology Area Audio
Vulnerability Type CWE-126 Buffer Over-read
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 2/14/2017
Patch

CVE-2017-0613

CVE ID CVE-2017-0613
Title Possible buffer overflow in qseecom_send_service_cmd
Description Buffer overflow when qseecom_send_svc_cmd_req message’s request buffer length is larger than shared buffer length.
Technology Area Trusted Execution Environment
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input (‘Classic Buffer Overflow’)
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 2/14/2017
Patch

CVE-2017-11022

CVE ID CVE-2017-11022
Title Information Exposure in WLAN
Description Probe requests originating from the user’s phone contain information elements that specify the supported Wi-Fi features. This impacts the user’s privacy if someone sniffs the probe requests originated by this DUT. Hence, the presence of these information elements is controlled using an ini file.
Technology Area WLAN HOST
Vulnerability Type CWE-200 Information Exposure
Access Vector Network
Security Rating High
Date Reported 11/7/2016
Customer Notified Date 8/7/2017
Patch

CVE-2017-8253

CVE ID CVE-2017-8253
Title Improper Validation of Array Index in Camera
Description Kernel memory can potentially be overwritten if an invalid master is sent from userspace.
Technology Area Camera
Vulnerability Type CWE-129 Improper Validation of Array Index
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 2/14/2017
Patch

CVE-2017-8238

CVE ID CVE-2017-8238
Title Buffer Copy without Checking Size of Input in Camera
Description A buffer overflow vulnerability exists in a camera function.
Technology Area Camera
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input (‘Classic Buffer Overflow’)
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 2/14/2017
Patch

CVE-2017-0626

CVE ID CVE-2017-0626
Title Cryptographic Issues in QCE Driver
Description SW key may be leaked during crypto operation using HW CE.
Technology Area Trusted Execution Environment
Vulnerability Type CWE-310 Cryptographic Issues
Access Vector Local
Security Rating Critical
Date Reported Internal
Customer Notified Date 2/14/2017
Patch

CVE-2016-10286

CVE ID CVE-2016-10286
Title Android Display Driver validation failure cleanup errors
Description During atomic commit – validate failures, the newly allocated pipes and pipes taken from the destroy list are cleaned up. Currently pipe ndx is checked which can lead to cleaning up the already in use multi-rect instead of the rect allocated in the current validate.
Technology Area Display
Vulnerability Type CWE-20 Improper Input Validation
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 2/14/2017
Patch

CVE-2017-7373

CVE ID CVE-2017-7373
Title Double Free Vulnerability in Display
Description A double free vulnerability exists in a display driver.
Technology Area Display
Vulnerability Type CWE-415 Double Free
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 3/14/2017
Patch

CVE-2017-0609

CVE ID CVE-2017-0609
Title Possible user-controlled kernel memory read/write in msm_cpe_lsm_ioctl_compat
Description User may access kernel memory without check in msm_cpe_lsm_ioctl_compat.
Technology Area Audio
Vulnerability Type CWE-20 Improper Input Validation
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 2/14/2017
Patch

CVE-2017-8239

CVE ID CVE-2017-8239
Title Information Exposure Vulnerability in Camera
Description Userspace-controlled parameters for flash initialization are not sanitized potentially leading to exposure of kernel memory.
Technology Area Camera
Vulnerability Type CWE-200 Information Exposure
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 3/14/2017
Patch

CVE-2017-0631

CVE ID CVE-2017-0631
Title Kernel buffer over-read if power up setting size is larger than max
Description If powerup setting is larger than MAX_POWER_CONFIG and CONFIG_COMPAT is not enabled, a buffer over-read occurs.
Technology Area Camera
Vulnerability Type CWE-200 Information Exposure
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 2/14/2017
Patch

CVE-2017-0610

CVE ID CVE-2017-0610
Title Unvalidated return value from copy_from_user in msm_pcm_playback_copy
Description If a copy_from_user fails, no action will be taken to handle it gracefully.
Technology Area Audio
Vulnerability Type CWE-20 Improper Input Validation
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 2/14/2017
Patch

CVE-2017-7371

CVE ID CVE-2017-7371
Title Use After Free Vulnerability in Bluetooth
Description A data pointer is potentially used after it has been freed when SLIMbus is turned off by Bluetooth.
Technology Area BTHOST
Vulnerability Type CWE-416 Use After Free
Access Vector AdjacentNetwork
Security Rating High
Date Reported Internal
Customer Notified Date 3/14/2017
Patch

CVE-2017-8256

CVE ID CVE-2017-8256
Title Improper Input Validation in WLAN
Description Array out of bounds access can occur if userspace sends more than 16 multicast addresses.
Technology Area WLAN HOST
Vulnerability Type CWE-129 Improper Validation of Array Index
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 4/11/2017
Patch

CVE-2017-10998

CVE ID CVE-2017-10998
Title Integer Overflow or Wraparound in Audio
Description In audio_aio_ion_lookup_vaddr, the buffer length, which is user input, ends up being used to validate if the buffer is fully within the valid region. If the buffer length is large enough then the address + length operation could overflow and produce a result far below the valid region.
Technology Area Audio
Vulnerability Type CWE-190 Integer Overflow or Wraparound
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 5/9/2017
Patch
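
The wraparound described for CVE-2017-10998, shown as an added example that is not Qualcomm's code or the CAF patch: a range check that adds the user-supplied length to the address, next to a form that cannot wrap. The struct region layout, the function names and the sample addresses are assumptions constructed for illustration.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical descriptor of a mapped region (constructed for this example). */
struct region {
    uint64_t base; /* first valid address */
    uint64_t size; /* number of valid bytes */
};

/*
 * Flawed form: addr + len is evaluated modulo 2^64. A very large len makes
 * "end" wrap to a small value that passes the upper-bound comparison even
 * though the requested range runs far past the region.
 */
static bool range_ok_wrapping(const struct region *r, uint64_t addr, uint64_t len)
{
    uint64_t end = addr + len; /* may wrap */
    return addr >= r->base && end <= r->base + r->size;
}

/*
 * Hardened form: the untrusted length is never added to an address.
 * Convert addr to an offset inside the region first, then compare len
 * against the bytes that remain. Neither subtraction can underflow
 * because each is guarded by the comparison before it.
 * A zero-length range at the very end of the region is accepted.
 */
static bool range_ok_checked(const struct region *r, uint64_t addr, uint64_t len)
{
    if (addr < r->base)
        return false;
    uint64_t offset = addr - r->base;
    if (offset > r->size)
        return false;
    return len <= r->size - offset;
}

/* Constructed sample region: valid addresses 0x1000 .. 0x1fff. */
static const struct region sample = { 0x1000, 0x1000 };

int main(void)
{
    /* Constructed inputs: one honest request, one with a wrapping length. */
    const struct { uint64_t addr, len; } req[] = {
        { 0x1800, 0x100 },
        { 0x1800, UINT64_MAX },
    };

    for (size_t i = 0; i < sizeof(req) / sizeof(req[0]); i++) {
        printf("addr=0x%" PRIx64 " len=0x%" PRIx64 " wrapping=%d checked=%d\n",
               req[i].addr, req[i].len,
               range_ok_wrapping(&sample, req[i].addr, req[i].len),
               range_ok_checked(&sample, req[i].addr, req[i].len));
    }
    return 0;
}
```
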

CVE-2017-9716

CVE ID CVE-2017-9716
Title Improper Access Control in TrustZone
Description The qbt1000 driver implements an alternative channel for usermode applications to talk to QSEE applications.
Technology Area Biometrics
Vulnerability Type CWE-284 Improper Access Control
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 7/3/2017
Patch

CVE-2017-8246

CVE ID CVE-2017-8246
Title Use-After-Free in ALSA PCM Playback Kernel Module
Description In function msm_pcm_playback_close(), prtd is assigned substream->runtime->private_data. Later, prtd is freed. However, prtd is not sanitized and set to NULL, resulting in a dangling pointer. There are other functions that access the same memory (substream->runtime->private_data) with a NULL check, such as msm_pcm_volume_ctl_put(), which means this freed memory could be used.
Technology Area Audio
Vulnerability Type CWE-416 Use After Free
Access Vector Local
Security Rating Medium
Date Reported Internal
Customer Notified Date 4/11/2017
Patch

CVE-2017-11028

CVE ID CVE-2017-11028
Title Information Exposure in Camera
Description In the ISP Camera driver, the contents of an arbitrary kernel address can be leaked to userspace by the function msm_isp_get_stream_common_data().
Technology Area Camera
Vulnerability Type CWE-200 Information Exposure
Access Vector Local
Security Rating Medium
Date Reported 2/17/2017
Customer Notified Date 8/7/2017
Patch

CVE-2017-14895

CVE ID CVE-2017-14895
Title Update target name from hif after SSR
Description After a subsystem reset, iwpriv is not giving correct information.
Technology Area WLAN HOST
Vulnerability Type CWE-416 Use After Free
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 9/1/2017
Patch

CVE-2017-8278

CVE ID CVE-2017-8278
Title Integer Overflow or Wraparound in Audio
Description While reading audio data from driver, buffer overflow or integer overflow occurs.
Technology Area Audio
Vulnerability Type CWE-190 Integer Overflow or Wraparound
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 6/5/2017
Patch

CVE-2017-8244

CVE ID CVE-2017-8244
Title Buffer overflow in msm_vidc debugfs driver core_info_read and inst_info_read
Description In core_info_read and inst_info_read, the variables “dbg_buf”, “dbg_buf->curr” and “dbg_buf->filled_size” could be modified by different threads at the same time, but they are not protected with a mutex or locks. A buffer overflow is possible under race conditions. “buffer->curr” itself could also be overwritten, which means that it may point anywhere in kernel memory (for write).
Technology Area Video
Vulnerability Type CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
Access Vector Local
Security Rating Medium
Date Reported 3/1/2017
Customer Notified Date 5/9/2017
Patch

CVE-2017-11025

CVE ID CVE-2017-11025
Title Time-of-check Time-of-use (TOCTOU) Race Condition in Audio
Description Due to a race condition in the function audio_effects_shared_ioctl(), memory corruption can occur.
Technology Area Audio
Vulnerability Type CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
Access Vector Local
Security Rating Medium
Date Reported 3/1/2017
Customer Notified Date 8/7/2017
Patch

CVE-2017-8279

CVE ID CVE-2017-8279
Title Time-of-check Time-of-use (TOCTOU) Race Condition in Core
Description Missing race condition protection while updating msg mask table can lead to buffer over-read. Also access to freed memory can happen while updating msg_mask information.
Technology Area Services
Vulnerability Type CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
Access Vector Local
Security Rating Medium
Date Reported 3/6/2017
Customer Notified Date 6/5/2017
Patch

CVE-2017-9698

CVE ID CVE-2017-9698
Title Integer Overflow to Buffer Overflow in Graphics
Description Improperly specified offset/size values for a submission command could cause a math operation to overflow and could result in an access to arbitrary memory. The combined pointer will overflow and possibly pass further checks intended to avoid accessing unintended memory.
Technology Area Graphics_Linux
Vulnerability Type CWE-680 Integer Overflow to Buffer Overflow
Access Vector Local
Security Rating Medium
Date Reported 3/23/2017
Customer Notified Date 7/3/2017
Patch

CVE-2017-9710

CVE ID CVE-2017-9710
Title Buffer Copy without Checking Size of Input in Data
Description IOCTL interface to send QMI NOTIFY REQ messages can be called from multiple contexts which can result in buffer overflow of msg cache.
Technology Area Data HLOS – LNX
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input (‘Classic Buffer Overflow’)
Access Vector Local
Security Rating Medium
Date Reported 3/23/2017
Customer Notified Date 7/3/2017
Patch

CVE-2017-11029

CVE ID CVE-2017-11029
Title Buffer Copy without Checking Size of Input in Camera
Description Camera application triggers “user-memory-access” issue as the Camera CPP module Linux driver directly accesses the application provided buffer, which resides in user space. An unchecked userspace value (ioctl_ptr->len) is used to copy contents to a kernel buffer which can lead to kernel buffer overflow.
Technology Area Camera
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input (‘Classic Buffer Overflow’)
Access Vector Local
Security Rating Medium
Date Reported 3/28/2017
Customer Notified Date 8/7/2017
Patch

CVE-2017-11023

CVE ID CVE-2017-11023
Title Buffer Copy without Checking Size of Input in Core
Description There is a possibility of out-of-bound buffer accesses due to no synchronization in accessing global variables by multiple threads.
Technology Area Services
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input (‘Classic Buffer Overflow’)
Access Vector Local
Security Rating Medium
Date Reported 4/5/2017
Customer Notified Date 8/7/2017
Patch

CVE-2017-9696

CVE ID CVE-2017-9696
Title Buffer Over-read in Camera
Description Buffer over-read is possible in camera driver function msm_isp_stop_stats_stream. Variable stream_cfg_cmd->num_streams is from userspace, and it is not checked against “MSM_ISP_STATS_MAX”.
Technology Area Camera
Vulnerability Type CWE-126 Buffer Over-read
Access Vector Local
Security Rating Medium
Date Reported 4/6/2017
Customer Notified Date 7/3/2017
Patch

CVE-2017-11019

CVE ID CVE-2017-11019
Title Use After Free in Display
Description The fd allocated during the get_metadata was not closed even though the buffer allocated to the fd was freed. This resulted in a failure during exit sequence.
Technology Area Display
Vulnerability Type CWE-416 Use After Free
Access Vector Local
Security Rating Medium
Date Reported Internal
Customer Notified Date 8/7/2017
Patch

CVE-2017-11024

CVE ID CVE-2017-11024
Title Use After Free in Core
Description A race condition in the rmnet USB control driver can potentially lead to a Use After Free condition.
Technology Area WiredConnectivity
Vulnerability Type CWE-416 Use After Free
Access Vector Local
Security Rating Medium
Date Reported 4/10/2017
Customer Notified Date 8/7/2017
Patch

CVE-2017-11033

CVE ID CVE-2017-11033
Title Use After Free in Kernel
Description In the coresight-tmc driver, a simultaneous read and enable of the ETR device after changing the buffer size may result in a Use After Free condition of the previous buffer.
Technology Area Kernel
Vulnerability Type CWE-416 Use After Free
Access Vector Local
Security Rating Medium
Date Reported 4/11/2017
Customer Notified Date 8/7/2017
Patch

CVE-2017-9713

CVE ID CVE-2017-9713
Title Buffer Copy without Checking Size of Input in WLAN
Description If userspace provides a too-large WPA RSN IE length in wlan_hdd_cfg80211_set_ie, a buffer overflow occurs.
Technology Area WLAN HOST
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input (‘Classic Buffer Overflow’)
Access Vector Local
Security Rating Medium
Date Reported 4/13/2017
Customer Notified Date 7/3/2017
Patch

CVE-2017-11038

CVE ID CVE-2017-11038
Title Time-of-check Time-of-use (TOCTOU) Race Condition in Boot
Description While processing the boot image header, range checks can be bypassed by supplying different versions of the header at the time of check and use.
Technology Area Boot
Vulnerability Type CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
Access Vector Local
Security Rating Medium
Date Reported 4/14/2017
Customer Notified Date 8/7/2017
Patch

CVE-2017-9722

CVE ID CVE-2017-9722
Title Buffer Copy without Checking Size of Input in Display
Description When updating custom EDID (hdmi_tx_sysfs_wta_edid), if edid_size, which is controlled by userspace, is too large, a buffer overflow occurs.
Technology Area Display
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input (‘Classic Buffer Overflow’)
Access Vector Local
Security Rating Medium
Date Reported 4/17/2017
Customer Notified Date 8/7/2017
Patch

CVE-2017-11030

CVE ID CVE-2017-11030
Title Use of Out-of-range Pointer Offset in Display
Description In the HDMI video driver function hdmi_edid_sysfs_rda_res_info(), userspace can perform an arbitrary write into kernel memory.
Technology Area Display
Vulnerability Type CWE-823 Use of Out-of-range Pointer Offset
Access Vector Local
Security Rating Medium
Date Reported 4/17/2017
Customer Notified Date 8/7/2017
Patch

CVE-2017-9702

CVE ID CVE-2017-9702
Title Untrusted Pointer Dereference in Camera
Description A user-space pointer is directly accessed in a camera driver.
Technology Area Camera
Vulnerability Type CWE-822 Untrusted Pointer Dereference
Access Vector Local
Security Rating Medium
Date Reported 4/24/2017
Customer Notified Date 7/3/2017
Patch

CVE-2017-9703

CVE ID CVE-2017-9703
Title Use After Free in Camera
Description A race condition in a Camera driver can lead to a Use After Free condition.
Technology Area Camera
Vulnerability Type CWE-416 Use After Free
Access Vector Local
Security Rating Medium
Date Reported 4/25/2017
Customer Notified Date 7/3/2017
Patch

CVE-2017-11016

CVE ID CVE-2017-11016
Title Use After Free in Audio
Description When memory allocation fails while creating a calibration block in create_cal_block, stale pointers are left uncleared.
Technology Area Audio
Vulnerability Type CWE-416 Use After Free
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 8/7/2017
Patch

CVE-2017-9701

CVE ID CVE-2017-9701
Title Use of Uninitialized Variable in Boot
Description While processing OEM unlock/unlock-go fastboot commands, a data leak may occur as a result of writing an uninitialized stack structure to non-volatile memory.
Technology Area Boot
Vulnerability Type CWE-457 Use of Uninitialized Variable
Access Vector Local
Security Rating Medium
Date Reported 4/26/2017
Customer Notified Date 7/3/2017
Patch

CVE-2017-9721

CVE ID CVE-2017-9721
Title Buffer Copy without Checking Size of Input in Display
Description In the boot loader, a buffer overflow can occur while parsing the splash image.
Technology Area Display
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input (‘Classic Buffer Overflow’)
Access Vector Local
Security Rating Medium
Date Reported 4/27/2017
Customer Notified Date 8/7/2017
Patch

CVE-2017-9719

CVE ID CVE-2017-9719
Title Buffer Copy without Checking Size of Input in Display
Description In the kernel driver MDSS, a buffer overflow can occur in HDMI CEC parsing if frame size is out of range.
Technology Area Display
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input (‘Classic Buffer Overflow’)
Access Vector Local
Security Rating High
Date Reported 5/4/2017
Customer Notified Date 8/7/2017
Patch

CVE-2017-9700

CVE ID CVE-2017-9700
Title Use of Out-of-range Pointer Offset in Audio
Description A buffer overwrite is possible in fw_name_store if the image name is 64 characters.
Technology Area Audio
Vulnerability Type CWE-823 Use of Out-of-range Pointer Offset
Access Vector Local
Security Rating Medium
Date Reported 5/8/2017
Customer Notified Date 7/3/2017
Patch

CVE-2017-9690

CVE ID CVE-2017-9690
Title Integer Overflow to Buffer Overflow in Core
Description In a qbt1000 ioctl handler, an incorrect buffer size check has an integer overflow vulnerability potentially leading to a buffer overflow.
Technology Area Biometrics
Vulnerability Type CWE-680 Integer Overflow to Buffer Overflow
Access Vector Local
Security Rating Medium
Date Reported 5/10/2017
Customer Notified Date 7/3/2017
Patch

CVE-2017-9718

CVE ID CVE-2017-9718
Title Time-of-check Time-of-use (TOCTOU) Race Condition in Multimedia
Description A race condition in a multimedia driver can potentially lead to a buffer overwrite.
Technology Area Video
Vulnerability Type CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
Access Vector Local
Security Rating Medium
Date Reported 5/11/2017
Customer Notified Date 8/7/2017
Patch

CVE-2017-14897

CVE ID CVE-2017-14897
Title Improper access while checking rpmb provision status
Description While handling the QSEOS_RPMB_CHECK_PROV_STATUS_COMMAND, a userspace buffer is directly accessed in kernel space.
Technology Area Trusted Execution Environment
Vulnerability Type CWE-264 Permissions, Privileges, and Access Controls
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 9/1/2017
Patch

CVE-2017-14898

CVE ID CVE-2017-14898
Title Buffer overrun vulnerability in txpower scale vendor command
Description While processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE contains fewer than 1 byte, a buffer overrun occurs.
Technology Area WLAN HOST
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input (‘Classic Buffer Overflow’)
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 9/1/2017
Patch

CVE-2017-14899

CVE ID CVE-2017-14899
Title Buffer overrun vulnerability in txpower scale decr db vendor command
Description While processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE_DECR_DB vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE_DECR_DB contains fewer than 1 byte, a buffer overrun occurs.
Technology Area WLAN HOST
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input (‘Classic Buffer Overflow’)
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 9/1/2017
Patch

CVE-2017-11017

CVE ID CVE-2017-11017
Title Buffer Copy without Checking Size of Input in Boot
Description While flashing a specially crafted UBI image, it is possible to corrupt memory, or access uninitialized memory.
Technology Area Boot
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input (‘Classic Buffer Overflow’)
Access Vector Local
Security Rating High
Date Reported 6/2/2017
Customer Notified Date 8/7/2017
Patch

CVE-2017-11027

CVE ID CVE-2017-11027
Title Information Exposure in Boot
Description While flashing a UBI image, the size is not checked for being smaller than the minimum header size, causing an uninitialized data access vulnerability.
Technology Area Boot
Vulnerability Type CWE-200 Information Exposure
Access Vector Local
Security Rating Medium
Date Reported 6/2/2017
Customer Notified Date 8/7/2017
Patch

CVE-2017-11035

CVE ID CVE-2017-11035
Title Buffer Copy without Checking Size of Input in WLAN
Description A buffer overflow or information leak is possible due to incorrect initialization of callbacks and missing buffer size checks.
Technology Area WLAN HOST
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input (‘Classic Buffer Overflow’)
Access Vector Local
Security Rating Medium
Date Reported 6/2/2017
Customer Notified Date 8/7/2017
Patch

CVE-2017-11013

CVE ID CVE-2017-11013
Title Stack-based Buffer Overflow in WLAN
Description In a WiFi driver, a stack overflow can occur as there is no boundary check against an array bound.
Technology Area WLAN HOST
Vulnerability Type CWE-121 Stack-based Buffer Overflow
Access Vector AdjacentNetwork
Security Rating Critical
Date Reported 6/8/2017
Customer Notified Date 8/7/2017
Patch

CVE-2017-14900

CVE ID CVE-2017-14900
Title Buffer overrun vulnerability in get chain RSSI vendor command
Description While processing the QCA_NL80211_VENDOR_SUBCMD_GET_CHAIN_RSSI vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_MAC_ADDR contains fewer than 6 bytes, a buffer overrun occurs.
Technology Area WLAN HOST
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input (‘Classic Buffer Overflow’)
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 9/1/2017
Patch

CVE-2017-11031

CVE ID CVE-2017-11031
Title Use After Free in Display
Description The VIDIOC_G_SDE_ROTATOR_FENCE ioctl command can be used to cause a Use After Free condition.
Technology Area Display
Vulnerability Type CWE-416 Use After Free
Access Vector Local
Security Rating Medium
Date Reported 6/9/2017
Customer Notified Date 8/7/2017
Patch

CVE-2017-14901

CVE ID CVE-2017-14901
Title Buffer Copy without Checking Size of Input in WLAN
Description A buffer overflow can occur in a vendor command.
Technology Area WLAN HOST
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input (‘Classic Buffer Overflow’)
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 9/1/2017
Patch

CVE-2017-11014

CVE ID CVE-2017-11014
Title Buffer Copy without Checking Size of Input in WLAN
Description While parsing a Measurement Request IE in a Roam Neighbor Action Report, a buffer overflow can occur.
Technology Area WLAN HOST
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input (‘Classic Buffer Overflow’)
Access Vector AdjacentNetwork
Security Rating Critical
Date Reported 6/13/2017
Customer Notified Date 8/7/2017
Patch

CVE-2017-11045

CVE ID CVE-2017-11045
Title Use After Free in Camera
Description In a camera driver function, a race condition exists which can lead to a Use After Free condition.
Technology Area Camera
Vulnerability Type CWE-416 Use After Free
Access Vector Local
Security Rating Medium
Date Reported 6/13/2017
Customer Notified Date 9/1/2017
Patch

CVE-2017-11015

CVE ID CVE-2017-11015
Title Stack-based Buffer Overflow in WLAN
Description In a WiFi driver, a buffer overflow can occur while parsing a frame.
Technology Area WLAN HOST
Vulnerability Type CWE-121 Stack-based Buffer Overflow
Access Vector AdjacentNetwork
Security Rating Critical
Date Reported 6/14/2017
Customer Notified Date 8/7/2017
Patch

CVE-2017-14905

CVE ID CVE-2017-14905
Title Potential buffer over-read in WLAN driver when configuring MAC addresses
Description While processing a specially crafted cfg80211 vendor command, a buffer over-read can occur.
Technology Area WLAN HOST
Vulnerability Type CWE-126 Buffer Over-read
Access Vector Local
Security Rating Medium
Date Reported 6/14/2017
Customer Notified Date 10/2/2017
Patch

CVE-2017-11054

CVE ID CVE-2017-11054
Title Buffer Over-read in WLAN
Description While processing a specially crafted cfg80211 vendor command, a buffer over-read can occur.
Technology Area WLAN HOST
Vulnerability Type CWE-126 Buffer Over-read
Access Vector Local
Security Rating Medium
Date Reported 6/14/2017
Customer Notified Date 10/2/2017
Patch

CVE-2017-11058

CVE ID CVE-2017-11058
Title Buffer Over-read in WLAN
Description While processing a specially crafted cfg80211 vendor command, a buffer over-read can occur.
Technology Area WLAN HOST
Vulnerability Type CWE-126 Buffer Over-read
Access Vector Local
Security Rating Medium
Date Reported 6/14/2017
Customer Notified Date 10/2/2017
Patch

CVE-2017-14902

CVE ID CVE-2017-14902
Title Use After Free in GLink kernel driver
Description Due to a race condition in the GLink kernel driver, a Use After Free condition can potentially occur.
Technology Area Qualcomm IPC
Vulnerability Type CWE-416 Use After Free
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 9/1/2017
Patch

CVE-2017-11044

CVE ID CVE-2017-11044
Title Use After Free in Graphics
Description In a KGSL driver function, a race condition exists which can lead to a Use After Free condition.
Technology Area Graphics_Linux
Vulnerability Type CWE-416 Use After Free
Access Vector Local
Security Rating Medium
Date Reported 6/19/2017
Customer Notified Date 9/1/2017
Patch

CVE-2017-11073

CVE ID CVE-2017-11073
Title Improper Input Validation in WLAN
Description The qcacld pktlog allows mapping memory via /proc/ath_pktlog/cld to user space.
Technology Area WLAN HOST
Vulnerability Type CWE-20 Improper Input Validation
Access Vector Local
Security Rating Medium
Date Reported 6/21/2017
Customer Notified Date 9/1/2017
Patch

CVE-2017-11043

CVE ID CVE-2017-11043
Title Integer Overflow to Buffer Overflow in WLAN
Description In a WiFi driver function, an integer overflow leading to a heap buffer overflow may potentially occur.
Technology Area WLAN HOST
Vulnerability Type CWE-680 Integer Overflow to Buffer Overflow
Access Vector AdjacentNetwork
Security Rating High
Date Reported 6/27/2017
Customer Notified Date 9/1/2017
Patch

CVE-2017-11007

CVE ID CVE-2017-11007
Title Buffer Copy without Checking Size of Input in Boot
Description Stack corruption is possible due to a buffer overflow of the partition name while converting an ASCII string to a Unicode string in the function HandleMetaImgFlash.
Technology Area Boot
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input (‘Classic Buffer Overflow’)
Access Vector Local
Security Rating High
Date Reported 6/28/2017
Customer Notified Date 8/7/2017
Patch

CVE-2017-11042

CVE ID CVE-2017-11042
Title Permissions, Privileges, and Access Controls in IMS
Description ImsService and the IQtiImsExt AIDL APIs are not subject to access control.
Technology Area Telephony
Vulnerability Type CWE-264 Permissions, Privileges, and Access Controls
Access Vector Local
Security Rating Medium
Date Reported 7/3/2017
Customer Notified Date 10/2/2017
Patch

CVE-2017-11035

CVE ID CVE-2017-11035
Title Buffer Copy without Checking Size of Input in WLAN
Description A buffer overflow or information leak is possible in the functions “sme_set_ft_ies” and “csr_roam_issue_ft_preauth_req” due to incorrect initialization of WEXT callbacks and missing buffer size checks.
Technology Area WLAN HOST
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input (‘Classic Buffer Overflow’)
Access Vector Local
Security Rating Medium
Date Reported 7/3/2017
Customer Notified Date 10/2/2017
Patch

CVE-2017-11092

CVE ID CVE-2017-11092
Title Use After Free in Graphics
Description In the KGSL driver function kgsl_ioctl_gpu_command, a Use After Free condition can potentially occur.
Technology Area Graphics_Linux
Vulnerability Type CWE-416 Use After Free
Access Vector Local
Security Rating High
Date Reported 7/17/2017
Customer Notified Date 10/2/2017
Patch

CVE-2017-11085

CVE ID CVE-2017-11085
Title Integer Overflow to Buffer Overflow in Audio
Description An integer overflow leading to a buffer overflow can occur due to improper bounds checking in msm_audio_effects_virtualizer_handler, in the file msm-audio-effects-q6-v2.c.
Technology Area Audio
Vulnerability Type CWE-680 Integer Overflow to Buffer Overflow
Access Vector Local
Security Rating Medium
Date Reported 7/17/2017
Customer Notified Date 10/2/2017
Patch

CVE-2017-9708

CVE ID CVE-2017-9708
Title Use After Free in Camera
Description A race condition could lead to a use-after-free condition in the camera driver.
Technology Area Multimedia
Vulnerability Type CWE-416 Use After Free
Access Vector Local
Security Rating Medium
Date Reported 7/25/2017
Customer Notified Date 10/2/2017
Patch

Industry Coordination

Security ratings of issues included in Android security
bulletins and these bulletins match in the most common scenarios but may
differ in some cases due to one of the following reasons:

  • Consideration of security protections such as SELinux not enforced on some platforms
  • Differences in assessment of some specific scenarios that involve local denial of service or privilege escalation vulnerabilities in the high level OS kernel

Version History

Version Date Comments
1.0 December 13, 2017 Bulletin Published
1.1 February 9, 2018 Bulletin updated